-rw-r--r--base/deploy/config/deployment.cfg49
-rwxr-xr-xbase/deploy/src/pkidestroy4
-rwxr-xr-xbase/deploy/src/pkispawn4
-rw-r--r--base/deploy/src/scriptlets/pkiconfig.py1
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py59
5 files changed, 31 insertions, 86 deletions
diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg
index 6ff7a35bb..bb2bfa9b9 100644
--- a/base/deploy/config/deployment.cfg
+++ b/base/deploy/config/deployment.cfg
@@ -1,8 +1,13 @@
###############################################################################
-## Default Configuration: ##
+## Common Configuration: ##
+## ##
+## Values in this section are common to more than one PKI subsystem, and ##
+## contain required information which MAY be overridden by users as ##
+## necessary. ##
+## ##
+## There are also some meta-parameters that determine how the PKI ##
+## configuratiion should work. ##
## ##
-## This section contains meta-parameters that determine how the PKI ##
-## configuration should work. ##
###############################################################################
[DEFAULT]
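Review bot: The added banner line `## configuratiion should work. ##` misspells "configuration", and the banner now has an empty `## ##` row both before and after the meta-parameter sentence, leaving a stray blank row above the closing rule. Suggest `## configuration should work. ##` and dropping the trailing empty row. Because the later hunks fold the former [Common] keys (including `pki_ds_password` and `pki_client_pkcs12_password`) into this section, the banner could also say that every subsystem section inherits the values defined here.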
@@ -47,17 +52,6 @@ destroy_scriplets=
infrastructure_layout
finalization
-###############################################################################
-## Common Configuration: ##
-## ##
-## Values in this section are common to more than one PKI subsystem, and ##
-## contain required information which MAY be overridden by users as ##
-## necessary. ##
-## ##
-## NOTE: Default values will be generated for any and all required ##
-## 'common' data values which are left undefined. ##
-###############################################################################
-[Common]
pki_admin_cert_request_type=crmf
pki_admin_domain_name=
pki_admin_dualkey=False
@@ -85,14 +79,17 @@ pki_client_dir=
pki_client_pkcs12_password=
pki_ds_base_dn=
pki_ds_bind_dn=cn=Directory Manager
-pki_ds_database=
-pki_ds_hostname=
+pki_ds_database=%(pki_instance_name)s-%(pki_subsystem)s
+pki_ds_hostname=%(hostname)s
pki_ds_ldap_port=389
pki_ds_ldaps_port=636
pki_ds_password=
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
+pki_http_port=%(default_http_port)s
+pki_https_port=%(default_https_port)s
+pki_instance_name=%(default_instance_name)s
pki_issuing_ca=
pki_restart_configured_instance=True
pki_security_domain_hostname=
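Review bot: The new default `pki_ds_database=%(pki_instance_name)s-%(pki_subsystem)s` is built from pki_instance_name, while the fallback this commit removes from pkiparser.py built the name from `pki_instance_id`. If those two values can differ, a deployment created before this change would resolve to a different database name afterwards, which matters for teardown because `pki_ds_remove_data=True` sits a few lines below. The removed fallback for pki_ds_database and pki_ds_hostname also appeared alongside a `pki_clone` check (the nesting is not recoverable from this page), whereas the cfg default applies to every deployment. Both points are worth confirming, and a comment above the two keys such as `# derived defaults; override when the directory server is remote` would record the intent.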
@@ -108,9 +105,11 @@ pki_ssl_server_key_type=rsa
pki_ssl_server_nickname=
pki_ssl_server_subject_dn=
pki_ssl_server_token=
+pki_subsystem=%(subsystem_type)s
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
+pki_subsystem_name=%(pki_subsystem)s %(hostname)s %(pki_https_port)s
pki_subsystem_nickname=
pki_subsystem_subject_dn=
pki_subsystem_token=
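Review bot: The default `pki_subsystem_name=%(pki_subsystem)s %(hostname)s %(pki_https_port)s` no longer carries the prefixes that the removed pkiparser.py branch added for cloned subsystems, external CAs and subordinate CAs (`PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM`, `PKI_DEPLOYMENT_EXTERNAL_CA`, `PKI_DEPLOYMENT_SUBORDINATE_CA`). Since the value is now never empty, those deployment kinds get the same name shape as a plain subsystem and can no longer be told apart by name wherever it is displayed or registered. If that distinction is still wanted, keep the prefixing in pkiparser.py for the case where the name equals the generated default, or at least add a comment here such as `# clones, external and subordinate CAs should override pki_subsystem_name`.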
@@ -126,9 +125,6 @@ pki_user=pkiuser
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[Apache]
-pki_instance_name=pki-apache
-pki_http_port=80
-pki_https_port=443
###############################################################################
## Tomcat Configuration: ##
@@ -157,9 +153,6 @@ pki_clone_replication_security=None
pki_clone_uri=
pki_enable_java_debugger=False
pki_enable_proxy=False
-pki_http_port=8080
-pki_https_port=8443
-pki_instance_name=pki-tomcat
pki_proxy_http_port=80
pki_proxy_https_port=443
pki_security_manager=true
@@ -203,8 +196,6 @@ pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=
pki_ocsp_signing_token=
pki_subordinate=False
-pki_subsystem=CA
-pki_subsystem_name=
###############################################################################
## KRA Configuration: ##
@@ -222,8 +213,6 @@ pki_storage_nickname=
pki_storage_signing_algorithm=SHA256withRSA
pki_storage_subject_dn=
pki_storage_token=
-pki_subsystem=KRA
-pki_subsystem_name=
pki_transport_key_algorithm=SHA256withRSA
pki_transport_key_size=2048
pki_transport_key_type=rsa
@@ -248,8 +237,6 @@ pki_ocsp_signing_nickname=
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=
pki_ocsp_signing_token=
-pki_subsystem=OCSP
-pki_subsystem_name=
###############################################################################
## RA Configuration: ##
@@ -258,8 +245,6 @@ pki_subsystem_name=
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[RA]
-pki_subsystem=RA
-pki_subsystem_name=
###############################################################################
## TKS Configuration: ##
@@ -270,8 +255,6 @@ pki_subsystem_name=
###############################################################################
[TKS]
pki_import_admin_cert=True
-pki_subsystem=TKS
-pki_subsystem_name=
###############################################################################
## TPS Configuration: ##
@@ -280,5 +263,3 @@ pki_subsystem_name=
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[TPS]
-pki_subsystem=TPS
-pki_subsystem_name=
diff --git a/base/deploy/src/pkidestroy b/base/deploy/src/pkidestroy
index 4e8bca9d1..69daa13ad 100755
--- a/base/deploy/src/pkidestroy
+++ b/base/deploy/src/pkidestroy
@@ -119,8 +119,6 @@ def main(argv):
# NEVER print out 'sensitive' name/value pairs!!!
config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_common_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
@@ -133,8 +131,6 @@ def main(argv):
# NEVER print out 'sensitive' name/value pairs!!!
config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_common_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
diff --git a/base/deploy/src/pkispawn b/base/deploy/src/pkispawn
index 73d236247..79ab1b230 100755
--- a/base/deploy/src/pkispawn
+++ b/base/deploy/src/pkispawn
@@ -139,8 +139,6 @@ def main(argv):
# NEVER print out 'sensitive' name/value pairs!!!
config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_common_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
@@ -153,8 +151,6 @@ def main(argv):
# NEVER print out 'sensitive' name/value pairs!!!
config.pki_log.debug(log.PKI_DICTIONARY_COMMON,
extra=config.PKI_INDENTATION_LEVEL_0)
- config.pki_log.debug(pkilogging.format(config.pki_common_dict),
- extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(log.PKI_DICTIONARY_WEB_SERVER,
extra=config.PKI_INDENTATION_LEVEL_0)
config.pki_log.debug(pkilogging.format(config.pki_web_server_dict),
diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py
index 35c80a5f7..ec6c5ea38 100644
--- a/base/deploy/src/scriptlets/pkiconfig.py
+++ b/base/deploy/src/scriptlets/pkiconfig.py
@@ -205,7 +205,6 @@ pki_console_log_level = None
# PKI Deployment Global Dictionaries
pki_default_dict = None
-pki_common_dict = None
pki_web_server_dict = None
pki_subsystem_dict = None
pki_master_dict = None
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index a99425960..520aabe5e 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -219,7 +219,22 @@ class PKIConfigParser:
"Read configuration file sections into dictionaries"
rv = 0
try:
- self.pki_config = ConfigParser.ConfigParser()
+ if config.pki_subsystem in config.PKI_TOMCAT_SUBSYSTEMS:
+ default_instance_name = 'pki-tomcat'
+ default_http_port = '8080'
+ default_https_port = '8443'
+ else:
+ default_instance_name = 'pki-apache'
+ default_http_port = '80'
+ default_https_port = '443'
+
+ predefined_dict = {'default_instance_name': default_instance_name,
+ 'default_http_port': default_http_port,
+ 'default_https_port': default_https_port,
+ 'subsystem_type' : config.pki_subsystem,
+ 'hostname': config.pki_hostname}
+
+ self.pki_config = ConfigParser.SafeConfigParser(predefined_dict)
# Make keys case-sensitive!
self.pki_config.optionxform = str
self.pki_config.read([
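Review bot: Switching to `SafeConfigParser(predefined_dict)` expands `%(...)s` only for values read through `get()` or `items()`, but the following lines of this method still use `self.pki_config.defaults()` and `self.pki_config._sections[...]`, which return the stored strings uninterpolated. As far as this page shows, entries such as `pki_ds_hostname=%(hostname)s` would then reach `pki_master_dict` as literal placeholder text. Reading through the public API avoids that, e.g. `config.pki_default_dict = dict(self.pki_config.items('DEFAULT'))` and `dict(self.pki_config.items('Tomcat'))` for the section dictionaries. With the former [Common] keys now in DEFAULT, `pki_default_dict` also holds the password entries, so any place that logs it depends on `sensitive_parameters` listing them; that is worth verifying, since the list itself is not visible here. The method starts before and continues after this hunk.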
@@ -227,7 +242,6 @@ class PKIConfigParser:
config.pkideployment_cfg])
config.pki_default_dict = self.pki_config.defaults()
pkilogging.sensitive_parameters = config.pki_default_dict['sensitive_parameters'].split()
- config.pki_common_dict = dict(self.pki_config._sections['Common'])
if config.pki_subsystem == "CA":
config.pki_web_server_dict = dict(self.pki_config._sections['Tomcat'])
config.pki_subsystem_dict = dict(self.pki_config._sections['CA'])
@@ -249,7 +263,6 @@ class PKIConfigParser:
# Insert empty record into dictionaries for "pretty print" statements
# NEVER print "sensitive" key value pairs!!!
config.pki_default_dict[0] = None
- config.pki_common_dict[0] = None
config.pki_web_server_dict[0] = None
config.pki_subsystem_dict[0] = None
except ConfigParser.ParsingError, err:
@@ -296,7 +309,6 @@ class PKIConfigParser:
# Configuration file name/value pairs
# NEVER add "sensitive" key value pairs to the master dictionary!!!
config.pki_master_dict.update(config.pki_default_dict)
- config.pki_master_dict.update(config.pki_common_dict)
config.pki_master_dict.update(config.pki_web_server_dict)
config.pki_master_dict.update(config.pki_subsystem_dict)
config.pki_master_dict.update(__name__="PKI Master Dictionary")
@@ -1466,7 +1478,6 @@ class PKIConfigParser:
# config.pki_master_dict['pki_issuing_ca']
# config.pki_master_dict['pki_security_domain_hostname']
# config.pki_master_dict['pki_security_domain_name']
- # config.pki_master_dict['pki_subsystem_name']
#
# if security domain user is not defined
@@ -1488,34 +1499,6 @@ class PKIConfigParser:
else:
config.pki_master_dict['pki_security_domain_user'] = "caadmin"
- if not len(config.pki_master_dict['pki_subsystem_name']):
- if config.pki_master_dict['pki_subsystem'] in\
- config.PKI_TOMCAT_SUBSYSTEMS and \
- config.str2bool(config.pki_master_dict['pki_clone']):
- config.pki_master_dict['pki_subsystem_name'] =\
- config.PKI_DEPLOYMENT_CLONED_PKI_SUBSYSTEM + " " +\
- config.pki_subsystem + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- elif config.pki_subsystem == "CA" and \
- config.str2bool(config.pki_master_dict['pki_external']):
- config.pki_master_dict['pki_subsystem_name'] =\
- config.PKI_DEPLOYMENT_EXTERNAL_CA + " " +\
- config.pki_subsystem + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- elif config.pki_subsystem == "CA" and \
- config.str2bool(config.pki_master_dict['pki_subordinate']):
- config.pki_master_dict['pki_subsystem_name'] =\
- config.PKI_DEPLOYMENT_SUBORDINATE_CA + " " +\
- config.pki_subsystem + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
- else:
- config.pki_master_dict['pki_subsystem_name'] =\
- config.pki_subsystem + " " +\
- config.pki_master_dict['pki_hostname'] + " " +\
- config.pki_master_dict['pki_https_port']
if config.pki_subsystem != "CA" or\
config.str2bool(config.pki_master_dict['pki_clone']) or\
config.str2bool(config.pki_master_dict['pki_subordinate']):
@@ -1581,8 +1564,6 @@ class PKIConfigParser:
# deployment configuration file and potentially overridden below:
#
# config.pki_master_dict['pki_ds_base_dn']
- # config.pki_master_dict['pki_ds_database']
- # config.pki_master_dict['pki_ds_hostname']
#
if not config.str2bool(config.pki_master_dict['pki_clone']):
if not len(config.pki_master_dict['pki_ds_base_dn']):
@@ -1596,14 +1577,6 @@ class PKIConfigParser:
config.pki_master_dict['pki_ds_base_dn'] =\
"o=" + config.pki_master_dict['pki_instance_id'] +\
"-" + config.pki_subsystem
- if not len(config.pki_master_dict['pki_ds_database']):
- config.pki_master_dict['pki_ds_database'] =\
- config.pki_master_dict['pki_instance_id'] +\
- "-" + config.pki_subsystem
- if not len(config.pki_master_dict['pki_ds_hostname']):
- # Guess that the Directory Server resides on the local host
- config.pki_master_dict['pki_ds_hostname'] =\
- config.pki_master_dict['pki_hostname']
# Jython scriptlet
# 'External CA' Configuration name/value pairs
#